01.16.07
MySpace Phish Grabs 56000+ Usernames and Passwords
It would seem that a lot of people still haven't learned to check their address bar prior to logging into a page... I say a lot because at least 1 or 2 of the 56000 users taken in by http://www.marcolano.com/login (google cache) provided false information.
I actually feel quite bad for the users involved in this phishing attempt. Normally only the person running the phish obtains your password; in this case, however, someone felt the need to post a link to the list of passwords while it was still being populated. After the site was taken down, someone had the "genius" thought of circulating this list on the Full Disclosure mailing list.
A quick whois of the domain provides the following details:
Domain name: marcolano.com
Registrant Contact:
LunarDev Productions
Marc Olano (marcolano@hotmail.com)
+1.8583738773
Fax: none
1252 Grand Avenue
San Diego, CA 92109
US
I've fired off an email to Marc to see if he was responsible or if it was a website compromise. If he was responsible, I've also asked him what his motivation was, although I doubt I'll receive a response. I've also fired off an email to MySpace in case they were unaware of the issue (which seems doubtful), and I find it interesting that they don't have a generic security contact address that's easy to find on their website. This is something that all major websites should have, in my opinion, easily viewable on their main page.
I would like to note that this page was submitted to the Firefox 2.0 Phishing Protection page. As soon as I attempted to visit the page, even though the server was down and no page was loaded, I received a warning that the site had been reported as a fake.
[UPDATE] Brian Krebs has published an article in which he breaks down the passwords, providing the most common passwords, the number of unique passwords, and a count of password lengths.
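The kind of breakdown described above (most common passwords, unique count, length distribution) is easy to reproduce on any password dump, and is the same analysis a site operator would run to decide on a minimum-length rule. The script below is an added example; it is not from this post or from Krebs's article, and the password list in it is a small constructed sample rather than the leaked data.

```python
from collections import Counter

# Constructed sample standing in for a phishing dump (one password per
# victim). These values are made up for illustration only.
SAMPLE_PASSWORDS = [
    "password1", "123456", "password1", "qwerty", "iloveyou",
    "123456", "password1", "abc123", "letmein", "123456",
]


def parse_dump(text):
    """Turn a dump with one password per line into a list, skipping blanks.

    Lines are not stripped of internal whitespace, since a space inside a
    password is part of the password.
    """
    return [line for line in text.splitlines() if line.strip()]


def most_common(passwords, n=3):
    """Return the n most frequent passwords with their counts.

    Counter.most_common keeps first-seen order for equal counts, so ties
    are resolved by position in the dump.
    """
    return Counter(passwords).most_common(n)


def unique_count(passwords):
    """Number of distinct passwords in the dump."""
    return len(set(passwords))


def length_distribution(passwords):
    """Map password length -> how many passwords have that length."""
    return dict(sorted(Counter(len(p) for p in passwords).items()))


def share_of_top(passwords, n=3):
    """Fraction of all accounts covered by the n most common passwords."""
    top = sum(count for _, count in most_common(passwords, n))
    return top / len(passwords)


def below_min_length(passwords, minimum=8):
    """How many passwords a minimum-length policy would have rejected."""
    return sum(1 for p in passwords if len(p) < minimum)


if __name__ == "__main__":
    pw = parse_dump("\n".join(SAMPLE_PASSWORDS))
    print("total:", len(pw), "unique:", unique_count(pw))
    print("most common:", most_common(pw))
    print("lengths:", length_distribution(pw))
    print("share of top 2:", share_of_top(pw, 2))
    print("shorter than 8:", below_min_length(pw))
```

The share_of_top figure is the one worth watching: if a handful of passwords cover a large fraction of accounts, a blocklist of common passwords does more for the user base than a complexity rule would.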
Peace,
HT


Marc Olano said,
January 26, 2007 at 6:51 pm
I’m a victim here. Someone hacked into my domain account, set up those hacks, and phished accounts on myspace… but we have since resolved the issue. I apologize if you have been victimized as well, but really, think about it. If I were a hacker why would I use my own domain, that I’ve had up the last three years, and jeopardize something like this happening? Believe me or not. But it’s the truth.
-Marc
Tyler Reguly said,
January 28, 2007 at 5:18 am
Thanks for the comment Marc… Apparently my Spam filter caught the post.. I just saw it now while I was going through the list to clean it out. And what you say does make sense…
A said,
March 23, 2007 at 4:25 am
HELP!!!!!!! ok, whenever i try & login to myspace i get a server error page with big red writing and with loads of stuff about runtime errors, custom errors, configuration and loads of other stuff i can't understand. i think this is a virus……….my page is still there but i can't log in. can't look at anyone's photos either. can't contact myspace. this stupid page comes up every time. how do i get rid of the virus? does anyone know? or is anyone else havin the same shit?
would appreciate any clues! peace, A
socialham.com » Blog Archive » RIP MySpace Robot Software said,
April 10, 2007 at 7:47 pm
[...] MySpace recently shut down all of the major providers of automated MySpace marketing applications or "robots". What started as a great tool for small businesses had become a spammer’s paradise. Instead of targeted and ethical marketing campaigns MySpace quickly became polluted with everything from free gift card scams to adult web cam sites. Add this to the increasing problem of MySpace accounts being phished and members found themselves receiving huge amounts of advertisements from deceivingly fake profiles. My profile receives up to 500 messages each day with 99% of them clearly coming from automated software or phishing campaigns. [...]